Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Ben Donohue

Hi Kyle,

just a general question on your setup there...

what sort of setup do you have regarding your internet connection?

Is it a fairly typical home ADSL2+ modem with an account with an ISP? If 
so which one?


Or are you a corporate with a Telstra or Optus router? Or something like 
that?


Thanks,
Ben Donohue


On 17/02/2011 1:07 PM, Kyle wrote:

 Hi Slug,

I'd be grateful if someone could show me how to interpret this tcp 
dump pls.  It is a sample from an attempt to renew a dhcp lease and 
update the dns journals. But the dns journals are not being updated, 
apparently due to the error not authorized.  I just don't understand 
why not.


If I'm reading correctly, it is saying that the dhcp server IS 
attempting to update dns, but is failing for whatever reason? Is this 
correct? Or..




2011-02-17 12:36:08.873160 IP 192.168.1.6.ssh > 192.168.1.100.52913: P 3763443825:3763444017(192) ack 1990205104 win 15048
2011-02-17 12:36:08.873441 IP 192.168.1.100.52913 > 192.168.1.6.ssh: . ack 3763444017 win 65535
2011-02-17 12:36:08.873688 IP 192.168.1.6.53310 > 192.168.1.6.domain:  65000+ PTR? 100.10.168.192.in-addr.arpa. (45)
2011-02-17 12:36:08.873854 IP 192.168.1.6.domain > 192.168.1.6.53310:  65000 NXDomain 0/1/0 (122)
2011-02-17 12:36:08.873990 IP 192.168.1.6.49224 > 192.168.1.6.domain:  4103+ PTR? 6.10.168.192.in-addr.arpa. (43)
2011-02-17 12:36:08.874086 IP 192.168.1.6.domain > 192.168.1.6.49224:  4103 NXDomain 0/1/0 (120)
2011-02-17 12:36:10.852268 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:1f:5b:f5:ec:e2 (oui Unknown), length: 300
2011-02-17 12:36:10.852471 arp who-has 192.168.1.100 tell 192.168.1.100
2011-02-17 12:36:10.852506 IP 192.168.1.6.18142 > 192.168.1.6.domain:  46943+ PTR? 255.255.255.255.in-addr.arpa. (46)
2011-02-17 12:36:10.852513 IP server3.domain1.com.37265 > server3.domain1.com.domain:  46789 update [1a] [2n] [1au] SOA? domain1.com. (192)
2011-02-17 12:36:10.852733 IP 192.168.1.6.domain > 192.168.1.6.18142:  46943 NXDomain* 0/1/0 (97)
2011-02-17 12:36:10.852858 IP server3.domain1.com.domain > server3.domain1.com.37265:  46789 update NotAuth [0q] 0/0/1 (93)
2011-02-17 12:36:10.852905 IP 192.168.1.6.40827 > 192.168.1.6.domain:  65149+ PTR? 0.0.0.0.in-addr.arpa. (38)
2011-02-17 12:36:10.853056 IP 192.168.1.6.domain > 192.168.1.6.40827:  65149 NXDomain* 0/1/0 (89)
2011-02-17 12:36:10.853093 Out XX:XX:XX:XX:XX:XX (oui Unknown) ethertype Unknown (0x0003), length 344:

removed hex table
2011-02-17 12:36:11.720982 arp who-has server1.domain1.com tell 192.168.1.100
2011-02-17 12:36:11.854661 arp who-has server1.domain1.com tell 192.168.1.100
2011-02-17 12:36:16.032102 arp who-has 192.168.1.6 tell 192.168.1.100
2011-02-17 12:36:16.032116 arp reply 192.168.1.6 is-at XX:XX:XX:XX:XX:XX (oui Unknown)
2011-02-17 12:36:16.032329 IP 192.168.1.100.52913 > 192.168.1.6.ssh: P 1990205104:1990205152(48) ack 3763444017 win 65535





--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
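
An added example, not part of any poster's message: a short Python script that pairs each DNS request in tcpdump text output with its response by transaction id and reports the dynamic updates the server refused. The sample lines are copied from the capture quoted above, one packet per line with tcpdump's `>` separator written out; the function names are this example's own.

```python
import re

# Constructed input: lines copied from the capture in this thread, one packet
# per line, with tcpdump's "src > dst" separator written out.
SAMPLE = """\
2011-02-17 12:36:08.873688 IP 192.168.1.6.53310 > 192.168.1.6.domain:  65000+ PTR? 100.10.168.192.in-addr.arpa. (45)
2011-02-17 12:36:08.873854 IP 192.168.1.6.domain > 192.168.1.6.53310:  65000 NXDomain 0/1/0 (122)
2011-02-17 12:36:10.852268 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:1f:5b:f5:ec:e2 (oui Unknown), length: 300
2011-02-17 12:36:10.852513 IP server3.domain1.com.37265 > server3.domain1.com.domain:  46789 update [1a] [2n] [1au] SOA? domain1.com. (192)
2011-02-17 12:36:10.852858 IP server3.domain1.com.domain > server3.domain1.com.37265:  46789 update NotAuth [0q] 0/0/1 (93)
"""

# timestamp, source, destination, transaction id (+flags), rest, (length)
LINE = re.compile(r"^(\S+ \S+) IP (\S+) > (\S+): +(\d+)\S* (.*) \(\d+\)$")
# Non-zero response codes as tcpdump prints them (NotAuth is rcode 9, RFC 2136).
RCODES = {"FormErr", "ServFail", "NXDomain", "NotImp", "Refused",
          "YXDomain", "YXRRSet", "NXRRSet", "NotAuth", "NotZone"}

def pair_dns(text):
    """Match each DNS request to its response by (client endpoint, id)."""
    pending, pairs = {}, []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # DHCP, ARP, ssh and other non-DNS lines
        stamp, src, dst, txid, body = m.groups()
        words = body.split()
        opcode = words.pop(0) if words and words[0] == "update" else "query"
        if dst.endswith(".domain") and not src.endswith(".domain"):
            pending[(src, txid)] = {"time": stamp, "id": int(txid),
                                    "opcode": opcode, "request": " ".join(words)}
        elif src.endswith(".domain") and (dst, txid) in pending:
            req = pending.pop((dst, txid))
            name = words[0].rstrip("*-|$") if words else ""
            req["rcode"] = name if name in RCODES else "NoError"
            pairs.append(req)
    return pairs

def failed_updates(text):
    """Dynamic updates (opcode 'update') that came back with an error rcode."""
    return [p for p in pair_dns(text)
            if p["opcode"] == "update" and p["rcode"] != "NoError"]

if __name__ == "__main__":
    for p in failed_updates(SAMPLE):
        print(p["time"], "update id", p["id"], "->", p["rcode"], "|", p["request"])
```
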


Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Kyle

 Ben,

std internode ADSL2+

I get about 15.8MB (or Mb ??) down.

Why ??


Kind Regards

Kyle


On 17/02/11 1:26 PM, Ben Donohue wrote:

Hi Kyle,

just a general question on your setup there...

what sort of setup do you have regarding your internet connection?

Is it a fairly typical home ADSL2+ modem with an account with an ISP? 
If so which one?


Or are you a corporate with a Telstra or Optus router? Or something 
like that?


Thanks,
Ben Donohue





Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Ben Donohue

Hi Kyle,

Do you have a static IP?

Have you set your modem up to forward DNS queries to internode DNS 
primary and secondary?


Are you hosting your own domains?

If so, is your internal server setup as the primary name server for your 
own domains or are you using a third party DNS service or internode DNS 
services (I'm presuming they have these services)
If not, are you pointing your internal server to your modem IP as the 
forwarder for DNS queries?


Thanks,
Ben Donohue


On 17/02/2011 1:30 PM, Kyle wrote:

 Ben,

std internode ADSL2+

I get about 15.8MB (or Mb ??) down.

Why ??


Kind Regards

Kyle




Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Kyle

 Ben,

answers inline.


Kind Regards

Kyle


On 17/02/11 1:38 PM, Ben Donohue wrote:

Hi Kyle,

Do you have a static IP?

## Yes.


Have you set your modem up to forward DNS queries to internode DNS 
primary and secondary?
## No. There shouldn't be any need. I run an internal DNS on CentOS 5.5. 
(Ok, at this point, I'm trying to run an internal dns :-( )


Are you hosting your own domains?

## From an internal client dns perspective, yes.


If so, is your internal server setup as the primary name server for 
your own domains or are you using a third party DNS service or 
internode DNS services (I'm presuming they have these services)
If not, are you pointing your internal server to your modem IP as the 
forwarder for DNS queries?
## Yes. I run an internal authoritative dns (from my 192.168 subnet's 
clients' perspective) It is set up to go out to the www and root servers 
if it can't find what it's looking for. At least, I believe it is. I'm 
beginning to doubt myself.






Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Ben Donohue
Ok, since it is not working how it is now... then perhaps you'll try the 
following...


Set up your modem to point to internode DNS servers for DNS queries.

Point your internal DNS server to point to the MODEM for upstream DNS 
queries.


Don't set it up as DDNS. Just forwarding DNS to the next upstream DNS 
server in the chain if you know what I mean to get external DNS resolution.


Also have port 53 TCP and UDP on your modem (coming in) to port forward 
to your internal DNS server.


Thanks,
Ben Donohue


On 17/02/2011 1:44 PM, Kyle wrote:

 Ben,

answers inline.


Kind Regards

Kyle


On 17/02/11 1:38 PM, Ben Donohue wrote:

Hi Kyle,

Do you have a static IP?

## Yes.


Have you set your modem up to forward DNS queries to internode DNS 
primary and secondary?
## No. There shouldn't be any need. I run an internal DNS on CentOS 
5.5. (Ok, at this point, I'm trying to run an internal dns :-( )


Are you hosting your own domains?

## From an internal client dns perspective, yes.


If so, is your internal server setup as the primary name server for 
your own domains or are you using a third party DNS service or 
internode DNS services (I'm presuming they have these services)
If not, are you pointing your internal server to your modem IP as the 
forwarder for DNS queries?
## Yes. I run an internal authoritative dns (from my 192.168 subnet's 
clients' perspective) It is set up to go out to the www and root 
servers if it can't find what it's looking for. At least, I believe it 
is. I'm beginning to doubt myself.







Re: [SLUG] Reading TCP Dump

2011-02-16 Thread Kyle

 Ben,

I'll be happy to try that, but I'd like to understand your thinking 
please. Can you clarify it for me please?


From what I can tell from your process below, it appears you want to 
send a request to update an internal DNS server with an internal 
client's records (for viewing by other internal clients), outside of the 
network to the internet only to have it come back into the network to be 
picked up by my internal DNS server. Do I understand that correctly?


If so, I believe that will cause a further issue as there are also 
public dns servers set up (@ dnsmadeeasy.com) for the same domain for 
the rest of the world to see only what they need to see. Would that be 
about right?



Kind Regards

Kyle


On 17/02/11 1:52 PM, Ben Donohue wrote:
Ok, since it is not working how it is now... then perhaps you'll try 
the following...


Set up your modem to point to internode DNS servers for DNS queries.

Point your internal DNS server to point to the MODEM for upstream DNS 
queries.


Don't set it up as DDNS. Just forwarding DNS to the next upstream DNS 
server in the chain if you know what I mean to get external DNS 
resolution.


Also have port 53 TCP and UDP on your modem (coming in) to port 
forward to your internal DNS server.


Thanks,
Ben Donohue

